From c2c13f2df42e0691aecabe3979ea81cd7faa35c7 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Thu, 20 Mar 2014 04:16:39 +0100 Subject: unit: turn off mount propagation for udevd Keep mounts done by udev rules private to udevd. Also, document how MountFlags= may be used for this. --- man/systemd.exec.xml | 42 ++++++++++++++++++++++++++++++++++++------ 1 file changed, 36 insertions(+), 6 deletions(-) (limited to 'man/systemd.exec.xml') diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml index 784b48fff4..f47826ce4a 100644 --- a/man/systemd.exec.xml +++ b/man/systemd.exec.xml @@ -962,13 +962,43 @@ , or , which - control whether the file system - namespace set up for this unit's - processes will receive or propagate - new mounts. See + control whether mounts in the file + system namespace set up for this + unit's processes will receive or + propagate mounts or unmounts. See mount2 - for details. Default to - . + for details. Defaults to + . Use + to ensure that + mounts and unmounts are propagated + from the host to the container and + vice versa. Use + to run processes so that none of their + mounts and unmounts will propagate to + the host. Use + to also ensure that no mounts and + unmounts from the host will propagate + into the unit processes' + namespace. Note that + means that file + systems mounted on the host might stay + mounted continously in the unit's + namespace, and thus keep the device + busy. Note that the file system + namespace related options + (PrivateTmp=, + PrivateDevices=, + ReadOnlyDirectories=, + InaccessibleDirectories= + and + ReadWriteDirectories=) + require that mount and unmount + propagation from the unit's file + system namespace is disabled, and + hence downgrade + to + . + -- cgit v1.2.3-54-g00ecf